skip to main content
research-article

Application Deployment Strategies for Spatial Isolation on Many-Core Accelerators

Authors Info & Claims
Published:13 February 2018Publication History
Skip Abstract Section

Abstract

Current cache Side-Channel Attacks (SCAs) countermeasures have not been designed for many-core architectures and need to be revisited in order to be practical for these new technologies. Spatial isolation of resources for sensitive applications has been proposed taking advantage of the large number of resources offered by these architectures. This solution avoids cache sharing with sensitive processes. Consequently, their cache activity cannot be monitored and cache SCAs cannot be performed. This work focuses on the implementation of this technique in order to minimize the induced performance overhead. Different strategies for the management of isolated secure zones are implemented and compared.

References

  1. Ghassan Almaless. 2014. Operating System Design and Implementation for Single-Chip cc-NUMA Many-Core. Ph.D. Dissertation. Université Pierre Marie Currie (PMC), France.Google ScholarGoogle Scholar
  2. axTLS embedded SSL. 2016. Retrieved from http://axtls.sourceforge.net/.Google ScholarGoogle Scholar
  3. AES implementation in ∼300 lines of code ∣ C Code Blog. 2017. Retrieved from https://ccodeblog.wordpress.com/2012/05/25/aes-implementation-in-300-lines-of-code/.Google ScholarGoogle Scholar
  4. Gilles Barthe, Gustavo Betarte, Juan D. Campo, Carlos Luna, and David Pichardie. 2014. System-level non-interference for constant-time cryptography. In Proc. of the Conference on Computer and Communications Security. ACM, 1267--1279. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Daniel J. Bernstein. 2005. Cache-Timing Attacks on AES. Technical Report. Retrieved from https://cr.yp.to/antiforgery/cachetiming-20050414.pdf.Google ScholarGoogle Scholar
  6. Johannes Blömer and Volker Krummel. 2007. Analysis of countermeasures against access driven cache attacks on AES. Selected Areas in Cryptography 4876 (2007), 96--109. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Joseph Bonneau and Ilya Mironov. 2006. Cache-collision timing attacks against AES. In Proc. of the International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 201--215. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Paolo Burgio, Marko Bertogna, Ignacio Sanudo Olmedo, Paolo Gai, Andrea Marongiu, and Michal Sojka. 2016. A software stack for next-generation automotive systems on many-core heterogeneous platforms. In Proc. of the Euromicro Conference on Digital System Design (DSD). IEEE.Google ScholarGoogle ScholarCross RefCross Ref
  9. Juan Campo. 2016. Formally Verified Countermeasures Against Cache Based Attacks in Virtualization Platforms. Ph.D. Dissertation. Montevideo: UR.FI.INCO.Google ScholarGoogle Scholar
  10. Stephen Crane, Andrei Homescu, Stephan Brunthaler, Per Larsen, and Michael Franz. 2015. Thwarting cache side-channel attacks through dynamic software diversity. In Proc. of the Annual Network and Distributed System Security Symposium, (NDSS). IEEE, 142--151.Google ScholarGoogle ScholarCross RefCross Ref
  11. Joan Daemen and Vincent Rijmen. 2002. The Design of Rijndael: AES-The Advanced Encryption Standard (1st ed.). Springer-Verlag, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Dmitry Evtyushkin, Jesse Elwell, Meltem Ozsoy, Dmitry Ponomarev, Nael Abu-Ghazaleh, and Ryan Riley. 2016. Flexible hardware-managed isolated execution: Architecture, software support and applications. IEEE Transactions on Dependable and Secure Computing (TDSC) PP (2016), 1.Google ScholarGoogle Scholar
  13. César Fuguet Tolero. 2016. Introduction of Fault-Tolerance Mechanisms for Permanent Failures in Coherent Shared-Memory Many-Core Architectures. Ph.D. Dissertation. Université Pierre Marie Currie (PMC), France.Google ScholarGoogle Scholar
  14. Quian Ge, Yuval Yarom, David Cock, and Gernot Heiser. 2016. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering (Cryptogr Eng) 1--27 (2016), 1.Google ScholarGoogle Scholar
  15. Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. FLUSH+FLUSH: A fast and stealthy cache attack. In Proc. of the Conference on Detection of Intrusions and Malware 8 Vulnerability Assesment (DIMVA). Springer. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Roberto Guanciale, Hamed Nemati, Christoph. Baumann, and Mads Dam. 2016. Cache storage channels: Alias-driven attacks and verified countermeasures. In Proc. of the Symposium on Security and Privacy (SP). IEEE.Google ScholarGoogle ScholarCross RefCross Ref
  17. David Gullasch, Endre Bangerter, and Stephan Krenn. 2011. Cache games-bringing access-based cache attacks on AES to practice. In Proc. of the Symposium on Security and Privacy (SP). IEEE, 490--595. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: A shared cache attack that works across cores and defies VM sandboxing and its application to AES. In Proc. of the Symposium on Security and Privacy (SP). IEEE. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cross processor cache attacks. In Proc. of the 11th Asia Conference on Computer and Communications Security (ASIA CCS). ACM, 353--364. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Kalray’s. 2016. MPPA. Retrieved from http://www.kalrayinc.com/kalray/products/.Google ScholarGoogle Scholar
  21. Mehmet Kayaalp, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Aamer Jaleel. 2016. A high-resolution side-channel attack on last-level cache. In Proc. of the 53rd Annual Design Automation Conference (DAC). ACM, 72. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level protection against cache-based side channel attacks in the cloud. In Proc. of the 21st Security Symposium, USENIX (Ed.). Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Fangfei Liu, Yuval Yarom, Quian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In Proc. of the Symposium on Security and Privacy (SP). IEEE, 605--622. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Maria Méndez Real, Philipp Wehner, Vincent Migliore, Vianney Lapotre, Diana Goehringer, and Guy Gogniat. 2016a. Dynamic spatially isolated secure zones for noc-based many-core accelerators. In Proc. of the International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC), IEEE (Ed.).Google ScholarGoogle ScholarCross RefCross Ref
  25. Maria Méndez Real, Philipp Wehner, Jens Rettkowski, Vincent Migliore, Vianney Lapotre, Diana Goehringer, and Guy Gogniat. 2016b. MPSoCSim extension: An OVP simulator for the evaluation of cluster-based multicore and many-core architectures. In Proc. of the International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS). IEEE.Google ScholarGoogle ScholarCross RefCross Ref
  26. Dag A. Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: The case of AES. In Proc. of the RSA Conference Cryptographers Track (CT-RSA). Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. OVP. 2017. Open Virtual Platforms. Retrieved from https://www.ovpworld.org/.Google ScholarGoogle Scholar
  28. Dan Page. 2005. Partitioned Cache Architecture as a Side-Channel Defense Mechanism. Cryptology ePrint Archive, Report 280.Google ScholarGoogle Scholar
  29. Colin Percival. 2005. Cache missing for fun and profit. In BSDCan 2005.Google ScholarGoogle Scholar
  30. Himanshu Raj, Ripal Nathuji, Abhishek Singh, and Paul England. 2009. Resource management for isolation enhanced cloud services. In Proc. of the 2009 ACM Workshop on Cloud Computing Security (CCSW). ACM, 77--84. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Cezar Reinbrecht, Altamiro Susin, Lilian Bossuet, and Johana Sepulveda. 2016a. Gossip noc -- avoiding timing side-channel attacks through traffic management. In Proc. of the Computer Society Annual Symposium on VLSI (ISVLSI). IEEE.Google ScholarGoogle ScholarCross RefCross Ref
  32. Cezar Reinbrecht, Altamiro Susin, Lilian Bossuet, Georg Sigl, and Johanna Sepulveda. 2016b. Side channel attack on NoC-based MPSoCs are practical: NoC prime+probe attack. In Proc. of the 29th Symposium on Integrated Circuits and Systems Design (SBCCI). IEEE. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Martha J. Sepulveda, Jean-Philippe Diguet, Marius Strum, and Guy Gogniat. 2015. NoC-based protection for SoC time-driven attacks. IEEE Embedded Systems Letters 7, 1 (2015), 7--10.Google ScholarGoogle ScholarCross RefCross Ref
  34. Jicheng Shi, Xiang Song, Haibo Chen, and Binyu Zang. 2011. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Proc. of the 41st International Conference on Dependable Systems and Networks Workshops (DSN-W). IEEE, 194--199. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. OVP 8 SystemC. 2017. Open Virtual Platforms Imperas Software Limited. Retrieved from http://www.ovpworld.org/technology_systemc.Google ScholarGoogle Scholar
  36. Nist AES test vectors. 2001. Recommendation for block cipher modes of operation: methods and techniques-nistspecial-publication800-38.a.pdf. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.Google ScholarGoogle Scholar
  37. TILE-Gx36. 2017. Mellanox Products: TILE-Gx36 Processor. Retrieved from http://www.mellanox.com/page/products_dyn?product_family=2378mtag=tile_gx36.Google ScholarGoogle Scholar
  38. TILE-Gx72. 2017. Mellanox Technologies -End-to-End Connectivity for HPC and Data Center Server and Storage. Retrieved from http://www.mellanox.com/page/products_dyn?product_family=2388mtag=tile_gx72.Google ScholarGoogle Scholar
  39. Eran Tromer and Dag A. Osvik. 2010. Analysis of countermeasures against access driven cache attacks on AES. Journal of Cryptology 23, 1 (2010), 37--71.Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Pham Trung-Dung, Nguyen Van-Tien, and Nguyen Truong-Son. 2016. Development of a many-core architecture for automotive embedded systems. Journal of Automation and Control Engineering 4, 2 (2016), 147--152.Google ScholarGoogle ScholarCross RefCross Ref
  41. TSAR. 2014. Retrieved from https://www-soc.lip6.fr/trac/tsar.Google ScholarGoogle Scholar
  42. TSUNAMY. 2016. The TSUNAMY project. Retrieved from https://www.tsunamy.fr.Google ScholarGoogle Scholar
  43. Yao Wang and Suh G. Edward. 2014. Cache games-bringing access-based cache attacks on AES to practice. In Proc. of the 6th International Symposium on Networks on Chip (NoCS). IEEE/ACM.Google ScholarGoogle Scholar
  44. Zhenghong Wang and Ruby B. Lee. 2007. New cache designs for thwarting software cache-based side channel attacks. In Proc. of the Symposium on Computer Architecture (ISCA). IEEE, 494--505. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Philipp Wehner, Jens Rettowski, and Diana Goehringer. 2015. MPSoCSim: An extended OVP simulator for modeling and evaluation of network-on-chip based heterogeneous MPSoCs. In Proc. of the International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS). IEEE.Google ScholarGoogle ScholarCross RefCross Ref
  46. Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In Proc. of the Security Symposium, USENIX (Ed.). 719--732. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Application Deployment Strategies for Spatial Isolation on Many-Core Accelerators

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!